• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권2호
• /
• pp.811-829
• /
• 2015

One-way authenticated key agreement protocols, aiming at solving the problems to establish secure communications over public insecure networks, can achieve one-way authentication of communicating entities for giving a specific user strong anonymity and confidentiality of transmitted data. Public Key Infrastructure can design one-way authenticated key agreement protocols, but it will consume a large amount of computation. Because one-way authenticated key agreement protocols mainly concern on authentication and key agreement, we adopt multi-server architecture to realize these goals. About multi-server architecture, which allow the user to register at the registration center (RC) once and can access all the permitted services provided by the eligible servers. The combination of above-mentioned ideas can lead to a high-practical scheme in the universal client/server architecture. Based on these motivations, the paper firstly proposed a new one-way authenticated key agreement scheme based on multi-server architecture. Compared with the related literatures recently, our proposed scheme can not only own high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. Finally, we give the security proof and the efficiency analysis of our proposed scheme.

• 한국의류산업학회지
• /
• 제16권4호
• /
• pp.588-595
• /
• 2014

The purpose of this study was to investigate the awareness levels of Korean textile companies and develop appropriate response plans for the Korea-US Free Trade Agreement. Through such, the study aims to explore practical and realistic directions that the Korean textile industry must take in the future. As for the research method, a survey on the Korea-US Free Trade Agreement was conducted to 50 Korean textile companies which mainly deal in textile exports. Results showed that Korean textile companies possess above average awareness for the Korea-US Free Trade Agreement and carry the perception that the FTA has thus far had a positive effect of market revitalization and contributions to sales. Nonetheless, perceptions on the needs for the Korea-US Free Trade Agreement and level of awareness were below average while government assistance seen to be unsatisfactory. Such results suggest that measures for successful access to the U.S. market require developing products customized for the U.S. market and creating new market opportunities by participating in U.S. exhibits and shows. In addition, textile companies must develop their abilities for self-sustainability through continuous FTA related programs provided by government in addition to investing efforts to understand global markets within companies through response measures on the FTA as a whole.

• East Asian Economic Review
• /
• 제16권4호
• /
• pp.363-394
• /
• 2012

WTO Government Procurement Agreement (GPA) was designed to liberalize and expand trade in government procurement. Revised GPA was implemented in 1996 and the latest revision was completed (but not yet implemented) in 2012, but as a plurilateral agreement. Since the end of the UR, there has been attempts by various WTO members to liberalize trade in the government procurement market - through an expansion of Parties who are signatories to GPA, and through a negotiated agreement on transparency in government procurement. The attempt to expand the Parties who are signatories to the GPA - attempt to increase the width of the coverage of the agreement - has been somewhat successful, but I argue that the goal should be to further liberate the government procurement markets of the current Party members - to reduce thresholds and other barriers which limit market access even to other GPA members, in other words, to increase the depth of coverage. Taking cue from Korea's FTA, I propose a two-level liberalization of the government procurement market under the GPA: A "light" level which would be the same as the current level of liberalization; and a "deep" level with lower thresholds and less exemptions. I argue that, as seen in Korea, with FTAs, many GPA Parties already have multiple levels of liberalization (i.e, spaghetti-bowl effect of FTAs), but by limiting the levels of liberalization to two, we can seek the best of deep liberalization but reduce the spaghetti-bowl effect.

• International Journal of Internet, Broadcasting and Communication
• /
• 제12권1호
• /
• pp.14-26
• /
• 2020

We categorize partnership types between network operators and a global video streaming or over-the-top service provider, Netflix from 2011 to the first quarter 2018. The options are based on the integration of over-the-top (OTT), Netflix with pay TV and telecommunication operators in the form of carrier billing, access to over-the-top (OTT) via devices or the development of their tariff plans. Options of the Type 3, 'cooperation' or the Type 4, 'agreement' entails a kind of the technical involvement between two partners and commercial agreement. The types of partnership are evolving from one to others. Some partnerships have characteristics of more than one type. The majority of technical or service integration cooperation of Type 3 entail bundling and marketing promotion of Type 2 and Type 1. Similarly, the 'agreement' of Type 4, co-branded or white-label service initiative entail tariff or device user interface (UI) integration of the 'cooperation' of Type 3 and joint marketing initiatives of Type 1.

• Journal of information and communication convergence engineering
• /
• 제9권4호
• /
• pp.431-434
• /
• 2011

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, we found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai's scheme and provide a countermeasure to satisfy the forward secrecy property.

• 한국임상약학회지
• /
• 제28권1호
• /
• pp.40-50
• /
• 2018

Objective: This study presented the analysis period, the complexity of combined therapy and comparator choice as the key limitations in the economic evaluation of new drugs, and discussed programs for coping with these limitations. Methods: This study evaluated the post-evaluation, risk-sharing agreement, extra funding program, and flexible incremental cost-effectiveness ratio (ICER) threshold as actions or programs that would increase accessibility to costly new drugs. The study also presented the cases of other countries. The application of the post-evaluation was considered to deal with high uncertainty regarding new drugs. Results: The risk-sharing agreement was introduced in European countries as well as South Korea and has been responsible for the shift from using the financial schemes to outcome-based schemes. The drug funding program has had troubled in securing stable extra funds. The application of higher ICER in the economic evaluation of expensive and innovative oncology drugs was criticized because of the inequity between oncology patients and patients with other diseases. Conclusion: Therefore, introducing and applying actions that would increase the accessibility to costly new drugs in South Korea have been deemed necessary after careful reviews and discussions with various stakeholders (insurer, policy makers, pharmaceutical companies and patients).

• 정보보호학회논문지
• /
• 제14권3호
• /
• pp.137-144
• /
• 2004

3GPP-WLAN(3rd Generation Partnership Project-Wireless Local Area Network) interworking은 WLAN UE(user equipment)에 의한 3GPP 시스템내에서 자원 이용과 서비스 접근을 의미하며, 3GPP 서비스와 기능을 WALN 액세스 환경으로 확장함으로써, 3GPP 시스템에 무선 액세스 기술로 WLAN을 보완적으로 이용하는 것을 목적으로 한다. 본 논문에서는 3GPP-WLAN interworking에서 UE 개시 터널 설정을 위한 효율적인 메커니즘을 제안한다. 제안된 메커니즘은 UE와 3GPP AAA(Authentication, Authorization Accounting) 서버 사이의 인증과 키 일치 과정에서 미리 분배된 비밀키에 기반 한다. 따라서 UE에서 많은 계산을 필요로 하는 모듈러 지수승 연산과 공개키 서명 연산을 피할 수 있다. 또한 제안된 기법은 UE와 PDGW(Packet Data Gateway) 사이에 상호 인증과 세션 키 설정을 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권1호
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권1호
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• Journal of Communications and Networks
• /
• 제14권6호
• /
• pp.682-691
• /
• 2012

Key agreement protocol is a fundamental protocol in cryptography whereby two or more participants can agree on a common conference key in order to communicate securely among themselves. In this situation, the participants can securely send and receive messages with each other. An adversary not having access to the conference key will not be able to decrypt the messages. In this paper, we propose a novel identity-based authenticated multi user key agreement protocol employing a symmetric balanced incomplete block design. Our protocol is built on elliptic curve cryptography and takes advantage of a kind of bilinear map called Weil pairing. The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks. Furthermore, our protocol is efficient and needs only two rounds for generating a common conference key. It is worth noting that the communication cost for generating a conference key in our protocol is only O($\sqrt{n}$) and the computation cost is only O($nm^2$), where $n$ implies the number of participants and m denotes the extension degree of the finite field $F_{p^m}$. In addition, in order to resist the different key attack from malicious participants, our protocol can be further extended to provide the fault tolerant property.